Change log for chromium-browser package in Ubuntu
226 → 300 of 614 results | First • Previous • Next • Last |
chromium-browser (62.0.3202.94-0ubuntu0.17.04.1388) zesty; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:39:47 +0100
Available diffs
chromium-browser (62.0.3202.94-0ubuntu0.14.04.1215) trusty; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:38:02 +0100
Available diffs
- diff from 62.0.3202.89-0ubuntu0.14.04.1213 to 62.0.3202.94-0ubuntu0.14.04.1215 (pending)
chromium-browser (62.0.3202.94-0ubuntu0.16.04.1317) xenial; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:17:10 +0100
Available diffs
chromium-browser (62.0.3202.94-0ubuntu0.17.10.1388) artful; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 22:48:24 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.14.04.1213) trusty; urgency=medium * Upstream release: 62.0.3202.89 - CVE-2017-15398: Stack buffer overflow in QUIC. - CVE-2017-15399: Use after free in V8. -- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 23:01:32 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.16.04.1315) xenial; urgency=medium * Upstream release: 62.0.3202.89 - CVE-2017-15398: Stack buffer overflow in QUIC. - CVE-2017-15399: Use after free in V8. -- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:59:12 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.17.04.1386) zesty; urgency=medium * Upstream release: 62.0.3202.89 - CVE-2017-15398: Stack buffer overflow in QUIC. - CVE-2017-15399: Use after free in V8. -- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:49:46 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.17.10.1386) artful; urgency=medium * Upstream release: 62.0.3202.89 - CVE-2017-15398: Stack buffer overflow in QUIC. - CVE-2017-15399: Use after free in V8. -- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:40:20 +0100
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.14.04.1211) trusty; urgency=medium * Upstream release: 62.0.3202.75 - CVE-2017-15396: Stack overflow in V8. * debian/control: bump Standards-Version to 4.1.1 * debian/patches/set-rpath-on-chromium-executables.patch: updated * debian/tests/*: - removed stale autopkgtests - added new autopkgtests based on chromium's new headless mode * debian/source/include-binaries: updated to reflect new binary data in tests -- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:53:25 +0200
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.16.04.1313) xenial; urgency=medium * Upstream release: 62.0.3202.75 - CVE-2017-15396: Stack overflow in V8. * debian/control: bump Standards-Version to 4.1.1 * debian/patches/set-rpath-on-chromium-executables.patch: updated * debian/tests/*: - removed stale autopkgtests - added new autopkgtests based on chromium's new headless mode * debian/source/include-binaries: updated to reflect new binary data in tests -- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:48:18 +0200
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.17.04.1384) zesty; urgency=medium * Upstream release: 62.0.3202.75 - CVE-2017-15396: Stack overflow in V8. * debian/control: bump Standards-Version to 4.1.1 * debian/patches/set-rpath-on-chromium-executables.patch: updated * debian/tests/*: - removed stale autopkgtests - added new autopkgtests based on chromium's new headless mode * debian/source/include-binaries: updated to reflect new binary data in tests -- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:22:48 +0200
Available diffs
- diff from 62.0.3202.62-0ubuntu0.17.04.1379 to 62.0.3202.75-0ubuntu0.17.04.1384 (pending)
chromium-browser (62.0.3202.75-0ubuntu0.17.10.1384) artful; urgency=medium * Upstream release: 62.0.3202.75 - CVE-2017-15396: Stack overflow in V8. * debian/control: bump Standards-Version to 4.1.1 * debian/patches/set-rpath-on-chromium-executables.patch: updated -- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 18:36:02 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.14.04.1204) trusty; urgency=medium * Upstream release: 62.0.3202.62 - CVE-2017-5124: UXSS with MHTML. - CVE-2017-5125: Heap overflow in Skia. - CVE-2017-5126: Use after free in PDFium. - CVE-2017-5127: Use after free in PDFium. - CVE-2017-5128: Heap overflow in WebGL. - CVE-2017-5129: Use after free in WebAudio. - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2. - CVE-2017-5131: Out of bounds write in Skia. - CVE-2017-5133: Out of bounds write in Skia. - CVE-2017-15386: UI spoofing in Blink. - CVE-2017-15387: Content security bypass. - CVE-2017-15388: Out of bounds read in Skia. - CVE-2017-15389: URL spoofing in OmniBox. - CVE-2017-15390: URL spoofing in OmniBox. - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. - CVE-2017-15393: Referrer leak in Devtools. - CVE-2017-15394: URL spoofing in extensions UI. - CVE-2017-15395: Null pointer dereference in ImageCapture. * debian/control: - build with clang 4.0 - bump Standards-Version to 4.1.0 * debian/rules: - build with clang 4.0 - also build gn with clang 4.0 - do not disable swiftshader on i386 (LP: #1697496) - when building on armhf, pass symbol_level=0 to gn in the hope that Launchpad builders won't run out of memory when linking * debian/patches/additional-search-engines.patch: refreshed * debian/patches/allow-component-build: removed, unused * debian/patches/arm64-vpx-alignment: removed, no longer needed * debian/patches/c++-compatibility.patch: added * debian/patches/defang-ct-timebomb: removed, unused * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-argument-evaluation-order.patch: removed, no longer needed * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed * debian/patches/fix-compilation-for-atk-version-check.patch: removed, no longer needed * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/gcc-compilation-fixes.patch: removed, no longer needed * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer needed * debian/patches/no-new-ninja-flag.patch: added * debian/patches/protobuf-fullness: removed, unused * debian/patches/really-disable-swiftshader-on-x86.patch: removed, no longer needed * debian/patches/reduce-ld-memory-usage.patch: removed, no longer needed * debian/patches/revert-clang-nostdlib++.patch: added * debian/patches/revert-llvm-ar.patch: removed, no longer needed * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: added * debian/patches/use-gcc-versioned: removed, no longer needed * debian/patches/vulkan-c99.patch: removed, no longer needed * debian/patches/widevine-other-locations: refreshed * debian/known_gyp_flags: removed, unused * debian/known_gn_gen_args-[i386,amd64,armhf]: added -- Olivier Tilloy <email address hidden> Thu, 19 Oct 2017 11:07:58 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.16.04.1308) xenial; urgency=medium * Upstream release: 62.0.3202.62 - CVE-2017-5124: UXSS with MHTML. - CVE-2017-5125: Heap overflow in Skia. - CVE-2017-5126: Use after free in PDFium. - CVE-2017-5127: Use after free in PDFium. - CVE-2017-5128: Heap overflow in WebGL. - CVE-2017-5129: Use after free in WebAudio. - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2. - CVE-2017-5131: Out of bounds write in Skia. - CVE-2017-5133: Out of bounds write in Skia. - CVE-2017-15386: UI spoofing in Blink. - CVE-2017-15387: Content security bypass. - CVE-2017-15388: Out of bounds read in Skia. - CVE-2017-15389: URL spoofing in OmniBox. - CVE-2017-15390: URL spoofing in OmniBox. - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. - CVE-2017-15393: Referrer leak in Devtools. - CVE-2017-15394: URL spoofing in extensions UI. - CVE-2017-15395: Null pointer dereference in ImageCapture. * debian/control: bump Standards-Version to 4.1.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer needed * debian/patches/no-new-ninja-flag.patch: added * debian/patches/revert-clang-nostdlib++.patch: added * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/widevine-other-locations: refreshed -- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 22:47:27 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.17.04.1379) zesty; urgency=medium * Upstream release: 62.0.3202.62 - CVE-2017-5124: UXSS with MHTML. - CVE-2017-5125: Heap overflow in Skia. - CVE-2017-5126: Use after free in PDFium. - CVE-2017-5127: Use after free in PDFium. - CVE-2017-5128: Heap overflow in WebGL. - CVE-2017-5129: Use after free in WebAudio. - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2. - CVE-2017-5131: Out of bounds write in Skia. - CVE-2017-5133: Out of bounds write in Skia. - CVE-2017-15386: UI spoofing in Blink. - CVE-2017-15387: Content security bypass. - CVE-2017-15388: Out of bounds read in Skia. - CVE-2017-15389: URL spoofing in OmniBox. - CVE-2017-15390: URL spoofing in OmniBox. - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. - CVE-2017-15393: Referrer leak in Devtools. - CVE-2017-15394: URL spoofing in extensions UI. - CVE-2017-15395: Null pointer dereference in ImageCapture. * debian/control: bump Standards-Version to 4.1.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer needed * debian/patches/revert-clang-nostdlib++.patch: added * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/widevine-other-locations: refreshed -- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 22:19:17 +0200
Available diffs
- diff from 61.0.3163.100-0ubuntu0.17.04.1377 to 62.0.3202.62-0ubuntu0.17.04.1379 (pending)
Superseded in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
Superseded in artful-updates |
Superseded in artful-security |
chromium-browser (62.0.3202.62-0ubuntu0.17.10.1380) artful; urgency=medium * Upstream release: 62.0.3202.62 - CVE-2017-5124: UXSS with MHTML. - CVE-2017-5125: Heap overflow in Skia. - CVE-2017-5126: Use after free in PDFium. - CVE-2017-5127: Use after free in PDFium. - CVE-2017-5128: Heap overflow in WebGL. - CVE-2017-5129: Use after free in WebAudio. - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2. - CVE-2017-5131: Out of bounds write in Skia. - CVE-2017-5133: Out of bounds write in Skia. - CVE-2017-15386: UI spoofing in Blink. - CVE-2017-15387: Content security bypass. - CVE-2017-15388: Out of bounds read in Skia. - CVE-2017-15389: URL spoofing in OmniBox. - CVE-2017-15390: URL spoofing in OmniBox. - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. - CVE-2017-15393: Referrer leak in Devtools. - CVE-2017-15394: URL spoofing in extensions UI. - CVE-2017-15395: Null pointer dereference in ImageCapture. * debian/control: - bump Standards-Version to 4.1.0 - build against clang 5.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/glibc-2-26-changes.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer needed * debian/patches/revert-clang-nostdlib++.patch: added * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: added * debian/patches/widevine-other-locations: refreshed * debian/tests/html5test: update test expectations -- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 21:19:28 +0200
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
chromium-browser (61.0.3163.100-0ubuntu1.1378) artful; urgency=medium * debian/patches/set-rpath-on-chromium-executables.patch: added (LP: #1718885) * debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation, made unnecessary by patch above
Available diffs
- diff from 60.0.3112.113-0ubuntu1.1369 to 61.0.3163.100-0ubuntu1.1378 (66.8 MiB)
- diff from 61.0.3163.79-0ubuntu1.1371 to 61.0.3163.100-0ubuntu1.1378 (pending)
chromium-browser (61.0.3163.100-0ubuntu0.14.04.1202) trusty; urgency=medium * debian/patches/set-rpath-on-chromium-executables.patch: added (LP: #1718885) * debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation, made unnecessary by patch above -- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 10:01:47 -0400
Available diffs
- diff from 61.0.3163.79-0ubuntu0.14.04.1196 to 61.0.3163.100-0ubuntu0.14.04.1202 (483.2 KiB)
- diff from 61.0.3163.100-0ubuntu0.14.04.1200 to 61.0.3163.100-0ubuntu0.14.04.1202 (pending)
chromium-browser (61.0.3163.100-0ubuntu0.16.04.1306) xenial; urgency=medium * debian/patches/set-rpath-on-chromium-executables.patch: added (LP: #1718885) * debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation, made unnecessary by patch above -- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 09:53:03 -0400
chromium-browser (61.0.3163.100-0ubuntu0.17.04.1377) zesty; urgency=medium * debian/patches/set-rpath-on-chromium-executables.patch: added (LP: #1718885) * debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation, made unnecessary by patch above -- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 09:48:13 -0400
Superseded in artful-proposed |
chromium-browser (61.0.3163.79-0ubuntu1.1371) artful; urgency=medium * Upstream release: 61.0.3163.79 - CVE-2017-5111: Use after free in PDFium. - CVE-2017-5112: Heap buffer overflow in WebGL. - CVE-2017-5113: Heap buffer overflow in Skia. - CVE-2017-5114: Memory lifecycle issue in PDFium. - CVE-2017-5115: Type confusion in V8. - CVE-2017-5116: Type confusion in V8. - CVE-2017-5117: Use of uninitialized value in Skia. - CVE-2017-5118: Bypass of Content Security Policy in Blink. - CVE-2017-5119: Use of uninitialized value in Skia. - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. * debian/control: - bump Standards-Version to 4.0.0 - add build dependency on llvm * debian/rules: build with is_component_build=false, is_official_build=true, allow_posix_link_time_opt=false and fatal_linker_warnings=false * debian/patches/additional-search-engines.patch: refreshed * debian/patches/define__libc_malloc.patch: added * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: added * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: added * debian/patches/revert-llvm-ar.patch: removed, no longer needed * debian/patches/search-credit.patch: refreshed * debian/patches/skia-undef-HWCAP_CRC32.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/tests/chromium-version: fix test shutdown * debian/tests/html5test: - fix test shutdown - update test expectations -- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:07:08 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.14.04.1196) trusty; urgency=medium * Upstream release: 61.0.3163.79 - CVE-2017-5111: Use after free in PDFium. - CVE-2017-5112: Heap buffer overflow in WebGL. - CVE-2017-5113: Heap buffer overflow in Skia. - CVE-2017-5114: Memory lifecycle issue in PDFium. - CVE-2017-5115: Type confusion in V8. - CVE-2017-5116: Type confusion in V8. - CVE-2017-5117: Use of uninitialized value in Skia. - CVE-2017-5118: Bypass of Content Security Policy in Blink. - CVE-2017-5119: Use of uninitialized value in Skia. - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. * debian/control: bump Standards-Version to 4.0.0 * debian/rules: - build with use_custom_libcxx=false to force the use of the system libstdc++ - build with is_component_build=false, is_official_build=true, allow_posix_link_time_opt=false and fatal_linker_warnings=false * debian/patches/additional-search-engines.patch: refreshed * debian/patches/define__libc_malloc.patch: added * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: added * debian/patches/fix-compilation-for-atk-version-check.patch: added * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix-webkit-layout-build-with-g++.patch: removed, no longer needed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/gcc-compilation-fixes.patch: added * debian/patches/make-base-numerics-build-with-gcc.patch: added * debian/patches/really-disable-swiftshader-on-x86.patch: updated * debian/patches/reduce-ld-memory-usage.patch: added * debian/patches/relax-ninja-version-requirement.patch: added * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-gcc-versioned: refreshed -- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 23:12:48 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.16.04.1300) xenial; urgency=medium * Upstream release: 61.0.3163.79 - CVE-2017-5111: Use after free in PDFium. - CVE-2017-5112: Heap buffer overflow in WebGL. - CVE-2017-5113: Heap buffer overflow in Skia. - CVE-2017-5114: Memory lifecycle issue in PDFium. - CVE-2017-5115: Type confusion in V8. - CVE-2017-5116: Type confusion in V8. - CVE-2017-5117: Use of uninitialized value in Skia. - CVE-2017-5118: Bypass of Content Security Policy in Blink. - CVE-2017-5119: Use of uninitialized value in Skia. - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. * debian/control: - bump Standards-Version to 4.0.0 - add build dependency on llvm-4.0 * debian/rules: build with is_component_build=false, is_official_build=true, allow_posix_link_time_opt=false and fatal_linker_warnings=false * debian/patches/additional-search-engines.patch: refreshed * debian/patches/define__libc_malloc.patch: added * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: added * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: added * debian/patches/relax-ninja-version-requirement.patch: added * debian/patches/revert-llvm-ar.patch: removed, no longer needed * debian/patches/search-credit.patch: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: updated -- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:53:22 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.17.04.1371) zesty; urgency=medium * Upstream release: 61.0.3163.79 - CVE-2017-5111: Use after free in PDFium. - CVE-2017-5112: Heap buffer overflow in WebGL. - CVE-2017-5113: Heap buffer overflow in Skia. - CVE-2017-5114: Memory lifecycle issue in PDFium. - CVE-2017-5115: Type confusion in V8. - CVE-2017-5116: Type confusion in V8. - CVE-2017-5117: Use of uninitialized value in Skia. - CVE-2017-5118: Bypass of Content Security Policy in Blink. - CVE-2017-5119: Use of uninitialized value in Skia. - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. * debian/control: - bump Standards-Version to 4.0.0 - add build dependency on llvm * debian/rules: build with is_component_build=false, is_official_build=true, allow_posix_link_time_opt=false and fatal_linker_warnings=false * debian/patches/additional-search-engines.patch: refreshed * debian/patches/define__libc_malloc.patch: added * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: added * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: added * debian/patches/revert-llvm-ar.patch: removed, no longer needed * debian/patches/search-credit.patch: refreshed * debian/patches/skia-undef-HWCAP_CRC32.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed -- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:39:06 +0200
Available diffs
chromium-browser (60.0.3112.113-0ubuntu1.1369) artful; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 07:45:36 +0200
Available diffs
chromium-browser (60.0.3112.113-0ubuntu0.14.04.1194) trusty; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 08:16:05 +0200
Available diffs
- diff from 60.0.3112.78-0ubuntu0.14.04.1190 to 60.0.3112.113-0ubuntu0.14.04.1194 (157.2 KiB)
- diff from 60.0.3112.101-0ubuntu0.14.04.1193 to 60.0.3112.113-0ubuntu0.14.04.1194 (pending)
chromium-browser (60.0.3112.113-0ubuntu0.16.04.1298) xenial; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 08:12:34 +0200
Available diffs
- diff from 60.0.3112.78-0ubuntu0.16.04.1293 to 60.0.3112.113-0ubuntu0.16.04.1298 (158.0 KiB)
- diff from 60.0.3112.101-0ubuntu0.16.04.1297 to 60.0.3112.113-0ubuntu0.16.04.1298 (pending)
chromium-browser (60.0.3112.113-0ubuntu0.17.04.1369) zesty; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 07:59:14 +0200
chromium-browser (60.0.3112.78-0ubuntu1.1363) artful; urgency=medium * Upstream release: 60.0.3112.78 - CVE-2017-5091: Use after free in IndexedDB. - CVE-2017-5092: Use after free in PPAPI. - CVE-2017-5093: UI spoofing in Blink. - CVE-2017-5094: Type confusion in extensions. - CVE-2017-5095: Out-of-bounds write in PDFium. - CVE-2017-5096: User information leak via Android intents. - CVE-2017-5097: Out-of-bounds read in Skia. - CVE-2017-5098: Use after free in V8. - CVE-2017-5099: Out-of-bounds write in PPAPI. - CVE-2017-5100: Use after free in Chrome Apps. - CVE-2017-5101: URL spoofing in OmniBox. - CVE-2017-5102: Uninitialized use in Skia. - CVE-2017-5103: Uninitialized use in Skia. - CVE-2017-5104: UI spoofing in browser. - CVE-2017-5105: URL spoofing in OmniBox. - CVE-2017-5106: URL spoofing in OmniBox. - CVE-2017-5107: User information leak via SVG. - CVE-2017-5108: Type confusion in PDFium. - CVE-2017-5109: UI spoofing in browser. - CVE-2017-5110: UI spoofing in payments dialog. - CVE-2017-7000: Pointer disclosure in SQLite. * debian/patches/additional-search-engines.patch: refreshed * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/linux-dma-buf.patch: removed, no longer needed * debian/patches/memory-free-assertion-failure: removed, no longer needed * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: removed, no longer needed * debian/patches/stdatomic: removed, no longer needed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-gcc-versioned: removed, no longer needed * debian/tests/html5test: - updated test expectations - refactored test to not fail early, thus giving the test a chance to list all failed expectations before bailing out -- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 16:03:31 +0200
Available diffs
- diff from 59.0.3071.109-0ubuntu1.1360 to 60.0.3112.78-0ubuntu1.1363 (pending)
chromium-browser (60.0.3112.78-0ubuntu0.14.04.1190) trusty; urgency=medium * Upstream release: 60.0.3112.78 - CVE-2017-5091: Use after free in IndexedDB. - CVE-2017-5092: Use after free in PPAPI. - CVE-2017-5093: UI spoofing in Blink. - CVE-2017-5094: Type confusion in extensions. - CVE-2017-5095: Out-of-bounds write in PDFium. - CVE-2017-5096: User information leak via Android intents. - CVE-2017-5097: Out-of-bounds read in Skia. - CVE-2017-5098: Use after free in V8. - CVE-2017-5099: Out-of-bounds write in PPAPI. - CVE-2017-5100: Use after free in Chrome Apps. - CVE-2017-5101: URL spoofing in OmniBox. - CVE-2017-5102: Uninitialized use in Skia. - CVE-2017-5103: Uninitialized use in Skia. - CVE-2017-5104: UI spoofing in browser. - CVE-2017-5105: URL spoofing in OmniBox. - CVE-2017-5106: URL spoofing in OmniBox. - CVE-2017-5107: User information leak via SVG. - CVE-2017-5108: Type confusion in PDFium. - CVE-2017-5109: UI spoofing in browser. - CVE-2017-5110: UI spoofing in payments dialog. - CVE-2017-7000: Pointer disclosure in SQLite. * debian/patches/additional-search-engines.patch: refreshed * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/patches/fix-webkit-layout-build-with-g++.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/linux-dma-buf.patch: removed, no longer needed * debian/patches/memory-free-assertion-failure: removed, no longer needed * debian/patches/really-disable-swiftshader-on-x86.patch: refreshed * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: removed, no longer needed * debian/patches/stdatomic: removed, no longer needed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/vulkan-c99.patch: added -- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 18:02:45 +0200
chromium-browser (60.0.3112.78-0ubuntu0.16.04.1293) xenial; urgency=medium * Upstream release: 60.0.3112.78 - CVE-2017-5091: Use after free in IndexedDB. - CVE-2017-5092: Use after free in PPAPI. - CVE-2017-5093: UI spoofing in Blink. - CVE-2017-5094: Type confusion in extensions. - CVE-2017-5095: Out-of-bounds write in PDFium. - CVE-2017-5096: User information leak via Android intents. - CVE-2017-5097: Out-of-bounds read in Skia. - CVE-2017-5098: Use after free in V8. - CVE-2017-5099: Out-of-bounds write in PPAPI. - CVE-2017-5100: Use after free in Chrome Apps. - CVE-2017-5101: URL spoofing in OmniBox. - CVE-2017-5102: Uninitialized use in Skia. - CVE-2017-5103: Uninitialized use in Skia. - CVE-2017-5104: UI spoofing in browser. - CVE-2017-5105: URL spoofing in OmniBox. - CVE-2017-5106: URL spoofing in OmniBox. - CVE-2017-5107: User information leak via SVG. - CVE-2017-5108: Type confusion in PDFium. - CVE-2017-5109: UI spoofing in browser. - CVE-2017-5110: UI spoofing in payments dialog. - CVE-2017-7000: Pointer disclosure in SQLite. * debian/control, debian/rules: build with clang 4.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/allow-component-build: removed, unused * debian/patches/arm64-vpx-alignment: removed, no longer needed * debian/patches/defang-ct-timebomb: removed, unused * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/linux-dma-buf.patch: removed, no longer needed * debian/patches/memory-free-assertion-failure: removed, no longer needed * debian/patches/no-fPIC.patch: removed, no longer needed * debian/patches/protobuf-fullness: removed, unused * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: removed, no longer needed * debian/patches/stdatomic: removed, no longer needed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: added * debian/patches/use-gcc-versioned: removed, no longer needed * debian/known_gyp_flags: removed, unused * debian/known_gn_gen_args-[i386,amd64,armhf]: added -- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 17:25:16 +0200
Available diffs
- diff from 59.0.3071.109-0ubuntu0.16.04.1291 (in ~canonical-chromium-builds/ubuntu/stage) to 60.0.3112.78-0ubuntu0.16.04.1293 (58.4 MiB)
- diff from 59.0.3071.115-0ubuntu0.16.04.1291 to 60.0.3112.78-0ubuntu0.16.04.1293 (pending)
chromium-browser (60.0.3112.78-0ubuntu0.17.04.1363) zesty; urgency=medium * Upstream release: 60.0.3112.78 - CVE-2017-5091: Use after free in IndexedDB. - CVE-2017-5092: Use after free in PPAPI. - CVE-2017-5093: UI spoofing in Blink. - CVE-2017-5094: Type confusion in extensions. - CVE-2017-5095: Out-of-bounds write in PDFium. - CVE-2017-5096: User information leak via Android intents. - CVE-2017-5097: Out-of-bounds read in Skia. - CVE-2017-5098: Use after free in V8. - CVE-2017-5099: Out-of-bounds write in PPAPI. - CVE-2017-5100: Use after free in Chrome Apps. - CVE-2017-5101: URL spoofing in OmniBox. - CVE-2017-5102: Uninitialized use in Skia. - CVE-2017-5103: Uninitialized use in Skia. - CVE-2017-5104: UI spoofing in browser. - CVE-2017-5105: URL spoofing in OmniBox. - CVE-2017-5106: URL spoofing in OmniBox. - CVE-2017-5107: User information leak via SVG. - CVE-2017-5108: Type confusion in PDFium. - CVE-2017-5109: UI spoofing in browser. - CVE-2017-5110: UI spoofing in payments dialog. - CVE-2017-7000: Pointer disclosure in SQLite. * debian/patches/additional-search-engines.patch: refreshed * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/linux-dma-buf.patch: removed, no longer needed * debian/patches/memory-free-assertion-failure: removed, no longer needed * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: removed, no longer needed * debian/patches/stdatomic: removed, no longer needed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-gcc-versioned: removed, no longer needed -- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 17:04:59 +0200
chromium-browser (59.0.3071.109-0ubuntu0.14.04.1188) trusty; urgency=medium * debian/patches/fix-argument-evaluation-order.patch: added (LP: #1702407) -- Olivier Tilloy <email address hidden> Fri, 07 Jul 2017 10:57:00 +0200
chromium-browser (59.0.3071.109-0ubuntu0.16.04.1291) xenial; urgency=medium * debian/patches/fix-argument-evaluation-order.patch: added (LP: #1702407) -- Olivier Tilloy <email address hidden> Fri, 07 Jul 2017 10:53:25 +0200
chromium-browser (59.0.3071.109-0ubuntu1.1360) artful; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:09:45 +0200
Available diffs
chromium-browser (59.0.3071.109-0ubuntu0.14.04.1186) trusty; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:54:41 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.14.04.1176 to 59.0.3071.109-0ubuntu0.14.04.1186 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.14.04.1182 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.14.04.1186 (32.5 KiB)
- diff from 59.0.3071.104-0ubuntu0.14.04.1184 to 59.0.3071.109-0ubuntu0.14.04.1186 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.16.04.1289) xenial; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:47:10 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.16.04.1281 to 59.0.3071.109-0ubuntu0.16.04.1289 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.16.04.1285 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.16.04.1289 (32.4 KiB)
- diff from 59.0.3071.104-0ubuntu0.16.04.1287 to 59.0.3071.109-0ubuntu0.16.04.1289 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.16.10.1357) yakkety; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:45:30 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.16.10.1349 to 59.0.3071.109-0ubuntu0.16.10.1357 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.16.10.1353 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.16.10.1357 (32.4 KiB)
- diff from 59.0.3071.104-0ubuntu0.16.10.1355 to 59.0.3071.109-0ubuntu0.16.10.1357 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.17.04.1360) zesty; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:37:28 +0200
chromium-browser (58.0.3029.110-0ubuntu1.1354) artful; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 06:46:40 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.16.04.1281) xenial; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:23:02 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.14.04.1176) trusty; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:25:53 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.16.10.1349) yakkety; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:21:06 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.17.04.1354) zesty; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 06:34:09 +0200
Available diffs
chromium-browser (58.0.3029.96-0ubuntu1.1352) artful; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:39:50 +0200
Available diffs
chromium-browser (58.0.3029.96-0ubuntu0.14.04.1174) trusty; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:56:50 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu0.14.04.1172 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.14.04.1174 (13.5 MiB)
- diff from 34.0.1847.116-0ubuntu2 (in Ubuntu) to 58.0.3029.96-0ubuntu0.14.04.1174 (pending)
chromium-browser (58.0.3029.96-0ubuntu0.16.04.1279) xenial; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:49:16 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu0.16.04.1277 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.16.04.1279 (13.5 MiB)
- diff from 49.0.2623.108-0ubuntu1.1233 (in Ubuntu) to 58.0.3029.96-0ubuntu0.16.04.1279 (pending)
chromium-browser (58.0.3029.96-0ubuntu0.16.10.1347) yakkety; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:43:43 +0200
chromium-browser (58.0.3029.96-0ubuntu0.17.04.1352) zesty; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:28:55 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu2.17.04.1350 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.17.04.1352 (13.5 MiB)
- diff from 57.0.2987.98-0ubuntu1.1348 (in Ubuntu) to 58.0.3029.96-0ubuntu0.17.04.1352 (pending)
chromium-browser (58.0.3029.81-0ubuntu2.1350) artful; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. - CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handing in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 22:33:22 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu2.17.04.1350) zesty; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. - CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handing in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 22:34:45 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.14.04.1172) trusty; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. - CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handing in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:56:01 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.16.04.1277) xenial; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. - CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handing in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:40:21 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.16.10.1345) yakkety; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. - CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handing in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:27:41 +0200
Available diffs
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
chromium-browser (57.0.2987.98-0ubuntu1.1348) zesty; urgency=medium * Upstream release: 57.0.2987.98. - CVE-2017-5030: Memory corruption in V8. - CVE-2017-5031: Use after free in ANGLE. - CVE-2017-5032: Out of bounds write in PDFium. - CVE-2017-5029: Integer overflow in libxslt. - CVE-2017-5034: Use after free in PDFium. - CVE-2017-5035: Incorrect security UI in Omnibox. - CVE-2017-5036: Use after free in PDFium. - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - CVE-2017-5039: Use after free in PDFium. - CVE-2017-5040: Information disclosure in V8. - CVE-2017-5041: Address spoofing in Omnibox. - CVE-2017-5033: Bypass of Content Security Policy in Blink. - CVE-2017-5042: Incorrect handling of cookies in Cast. - CVE-2017-5038: Use after free in GuestView. - CVE-2017-5043: Use after free in GuestView. - CVE-2017-5044: Heap overflow in Skia. - CVE-2017-5045: Information disclosure in XSS Auditor. - CVE-2017-5046: Information disclosure in Blink. * debian/patches/arm64-support no longer needed * debian/patches/stdatomic: Support gcc48. * debian/patches/snapshot-library-link: Add missing libsnapshot link * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move * debian/rules: Fix armhf float ABI and remove unnecessary envvars. (LP: #1673276) * debian/rules, debian/control: Use clang. -- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (57.0.2987.98-0ubuntu0.16.04.1276) xenial-security; urgency=medium * Upstream release: 57.0.2987.98. - CVE-2017-5030: Memory corruption in V8. - CVE-2017-5031: Use after free in ANGLE. - CVE-2017-5032: Out of bounds write in PDFium. - CVE-2017-5029: Integer overflow in libxslt. - CVE-2017-5034: Use after free in PDFium. - CVE-2017-5035: Incorrect security UI in Omnibox. - CVE-2017-5036: Use after free in PDFium. - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - CVE-2017-5039: Use after free in PDFium. - CVE-2017-5040: Information disclosure in V8. - CVE-2017-5041: Address spoofing in Omnibox. - CVE-2017-5033: Bypass of Content Security Policy in Blink. - CVE-2017-5042: Incorrect handling of cookies in Cast. - CVE-2017-5038: Use after free in GuestView. - CVE-2017-5043: Use after free in GuestView. - CVE-2017-5044: Heap overflow in Skia. - CVE-2017-5045: Information disclosure in XSS Auditor. - CVE-2017-5046: Information disclosure in Blink. * debian/patches/arm64-support no longer needed * debian/patches/stdatomic: Support gcc48. * debian/patches/snapshot-library-link: Add missing libsnapshot link * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some compilers. * debian/rules: Fix armhf float ABI and remove unnecessary envvars. (LP: #1673276) -- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (57.0.2987.98-0ubuntu0.16.10.1344) yakkety-security; urgency=medium * Upstream release: 57.0.2987.98. - CVE-2017-5030: Memory corruption in V8. - CVE-2017-5031: Use after free in ANGLE. - CVE-2017-5032: Out of bounds write in PDFium. - CVE-2017-5029: Integer overflow in libxslt. - CVE-2017-5034: Use after free in PDFium. - CVE-2017-5035: Incorrect security UI in Omnibox. - CVE-2017-5036: Use after free in PDFium. - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - CVE-2017-5039: Use after free in PDFium. - CVE-2017-5040: Information disclosure in V8. - CVE-2017-5041: Address spoofing in Omnibox. - CVE-2017-5033: Bypass of Content Security Policy in Blink. - CVE-2017-5042: Incorrect handling of cookies in Cast. - CVE-2017-5038: Use after free in GuestView. - CVE-2017-5043: Use after free in GuestView. - CVE-2017-5044: Heap overflow in Skia. - CVE-2017-5045: Information disclosure in XSS Auditor. - CVE-2017-5046: Information disclosure in Blink. * debian/patches/arm64-support no longer needed * debian/patches/stdatomic: Support gcc48. * debian/patches/snapshot-library-link: Add missing libsnapshot link * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some compilers. * debian/rules: Fix armhf float ABI and remove unnecessary envvars. (LP: #1673276) -- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (56.0.2924.76-0ubuntu2.1343) zesty; urgency=medium * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-support: arm64 gcc needs toolchain information. -- Chad MILLER <email address hidden> Thu, 02 Mar 2017 15:32:01 -0500
Available diffs
chromium-browser (56.0.2924.76-0ubuntu0.16.04.1268) xenial-security; urgency=medium * Upstream release: 56.0.2924.76 - CVE-2017-5007: Universal XSS in Blink. - CVE-2017-5006: Universal XSS in Blink. - CVE-2017-5008: Universal XSS in Blink. - CVE-2017-5010: Universal XSS in Blink. - CVE-2017-5011: Unauthorised file access in Devtools. - CVE-2017-5009: Out of bounds memory access in WebRTC. - CVE-2017-5012: Heap overflow in V8. - CVE-2017-5013: Address spoofing in Omnibox. - CVE-2017-5014: Heap overflow in Skia. - CVE-2017-5015: Address spoofing in Omnibox. - CVE-2017-5019: Use after free in Renderer. - CVE-2017-5016: UI spoofing in Blink. - CVE-2017-5017: Uninitialised memory access in webm video. - CVE-2017-5018: Universal XSS in chrome://apps. - CVE-2017-5020: Universal XSS in chrome://downloads. - CVE-2017-5021: Use after free in Extensions. - CVE-2017-5022: Bypass of Content Security Policy in Blink. - CVE-2017-5023: Type confusion in metrics. - CVE-2017-5024: Heap overflow in FFmpeg. - CVE-2017-5025: Heap overflow in FFmpeg. - CVE-2017-5026: UI spoofing. * debian/patches/screen_capturer: allow compilation on gcc4 * debian/patches/arm64-support: reenable arm64 * debian/patches/memory-free-assertion-failure: discover memory management assertion failures. * debian/rules: Avoid field trial experiments to get stable code. (closes: LP#1667125) * debian/patches/enable-chromecast-by-default: (closes: LP#1621753) -- Chad MILLER <email address hidden> Wed, 22 Feb 2017 17:20:28 -0500
Available diffs
chromium-browser (56.0.2924.76-0ubuntu0.16.10.1335) yakkety-security; urgency=medium * Upstream release: 56.0.2924.76 - CVE-2017-5007: Universal XSS in Blink. - CVE-2017-5006: Universal XSS in Blink. - CVE-2017-5008: Universal XSS in Blink. - CVE-2017-5010: Universal XSS in Blink. - CVE-2017-5011: Unauthorised file access in Devtools. - CVE-2017-5009: Out of bounds memory access in WebRTC. - CVE-2017-5012: Heap overflow in V8. - CVE-2017-5013: Address spoofing in Omnibox. - CVE-2017-5014: Heap overflow in Skia. - CVE-2017-5015: Address spoofing in Omnibox. - CVE-2017-5019: Use after free in Renderer. - CVE-2017-5016: UI spoofing in Blink. - CVE-2017-5017: Uninitialised memory access in webm video. - CVE-2017-5018: Universal XSS in chrome://apps. - CVE-2017-5020: Universal XSS in chrome://downloads. - CVE-2017-5021: Use after free in Extensions. - CVE-2017-5022: Bypass of Content Security Policy in Blink. - CVE-2017-5023: Type confusion in metrics. - CVE-2017-5024: Heap overflow in FFmpeg. - CVE-2017-5025: Heap overflow in FFmpeg. - CVE-2017-5026: UI spoofing. * debian/patches/screen_capturer: allow compilation on gcc4 * debian/patches/arm64-support: reenable arm64 * debian/patches/memory-free-assertion-failure: discover memory management assertion failures. * debian/rules: Avoid field trial experiments to get stable code. (closes: LP#1667125) * debian/patches/enable-chromecast-by-default: (closes: LP#1621753) -- Chad MILLER <email address hidden> Wed, 22 Feb 2017 17:20:28 -0500
Available diffs
Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu2.1329) zesty; urgency=medium * No-change rebuild against libnspr4 -- Andy Whitcroft <email address hidden> Fri, 24 Feb 2017 11:10:02 +0000
Available diffs
chromium-browser (55.0.2883.87-0ubuntu0.16.04.1263) xenial-security; urgency=medium * debian/rules: Build extra codecs as part of main chromium program, and libre/crippled/h.264less on its own. Seems to make h.264 work again. Weird. * debian/chromium-browser.links: Make link to ./ instead of / to fix path problems that codec-using other apps might see. * Upstream release of 55.0.2883.87: - Change Flash running default to important content only. * debian/chromium-browser.sh.in: Insert the Flash version if empty and detectable. * debian/rules, debian/control: Use gcc/g++ 4.8 to build. * Upstream release of 55.0.2883.75: - CVE-2016-9651: Private property access in V8. - CVE-2016-5208: Universal XSS in Blink. - CVE-2016-5207: Universal XSS in Blink. - CVE-2016-5206: Same-origin bypass in PDFium. - CVE-2016-5205: Universal XSS in Blink. - CVE-2016-5204: Universal XSS in Blink. - CVE-2016-5209: Out of bounds write in Blink. - CVE-2016-5203: Use after free in PDFium. - CVE-2016-5210: Out of bounds write in PDFium. - CVE-2016-5212: Local file disclosure in DevTools. - CVE-2016-5211: Use after free in PDFium. - CVE-2016-5213: Use after free in V8. - CVE-2016-5214: File download protection bypass. - CVE-2016-5216: Use after free in PDFium. - CVE-2016-5215: Use after free in Webaudio. - CVE-2016-5217: Use of unvalidated data in PDFium. - CVE-2016-5218: Address spoofing in Omnibox. - CVE-2016-5219: Use after free in V8. - CVE-2016-5221: Integer overflow in ANGLE. - CVE-2016-5220: Local file access in PDFium. - CVE-2016-5222: Address spoofing in Omnibox. - CVE-2016-9650: CSP Referrer disclosure. - CVE-2016-5223: Integer overflow in PDFium. - CVE-2016-5226: Limited XSS in Blink. - CVE-2016-5225: CSP bypass in Blink. - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Upstream release of 54.0.2840.100: - CVE-2016-5199: Heap corruption in FFmpeg. - CVE-2016-5200: Out of bounds memory access in V8. - CVE-2016-5201: Info leak in extensions. - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Move to using GN to build chromium. - debian/known_gn_gen_args - debian/rules patches * debian/rules, lintians, installs, script: Move component libs out of libs/, to /usr/lib/chromium-browser/ only. * debian/patches/do-not-use-bundled-clang: Use clang from path. * debian/control: Express that binary packages could be on "any" architecture. * debian/control: additionally build-dep on libgtk-3-dev * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch. * Upstrem release of 54.0.2840.59: - CVE-2016-5181: Universal XSS in Blink. - CVE-2016-5182: Heap overflow in Blink. - CVE-2016-5183: Use after free in PDFium. - CVE-2016-5184: Use after free in PDFium. - CVE-2016-5185: Use after free in Blink. - CVE-2016-5187: URL spoofing. - CVE-2016-5188: UI spoofing. - CVE-2016-5192: Cross-origin bypass in Blink. - CVE-2016-5189: URL spoofing. - CVE-2016-5186: Out of bounds read in DevTools. - CVE-2016-5191: Universal XSS in Bookmarks. - CVE-2016-5190: Use after free in Internals. - CVE-2016-5193: Scheme bypass. - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives * debian/patches/allow-component-build: Hard-code, override release -> no component logic. * debian/known_gyp_flags: Remove old GYP known-flags list. * debian/default-allocator: Insist on not using tcmalloc allocator. * debian/rules: Set LDFLAGS to limit memory usage. * debian/control: Remove extraneous dependencies. -- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
chromium-browser (55.0.2883.87-0ubuntu1.16.10.1330) yakkety-security; urgency=medium * debian/rules: Build extra codecs as part of main chromium program, and libre/crippled/h.264less on its own. Seems to make h.264 work again. Weird. * debian/chromium-browser.links: Make link to ./ instead of / to fix path problems that codec-using other apps might see. -- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
Available diffs
Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu2.1328) zesty; urgency=medium * debian/rules: Build extra codecs as part of main chromium program, and libre/crippled/h.264less on its own. Seems to make h.264 work again. Weird. * debian/chromium-browser.links: Make link to ./ instead of / to fix path problems that codec-using other apps might see. -- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
Available diffs
chromium-browser (55.0.2883.87-0ubuntu0.16.10.1328) yakkety-security; urgency=medium * Upstream release of 55.0.2883.87: - Change Flash running default to important content only. * debian/chromium-browser.sh.in: Insert the Flash version if empty and detectable. * debian/rules, debian/control: Use gcc/g++ 4.8 to build. * Upstream release of 55.0.2883.75: - CVE-2016-9651: Private property access in V8. - CVE-2016-5208: Universal XSS in Blink. - CVE-2016-5207: Universal XSS in Blink. - CVE-2016-5206: Same-origin bypass in PDFium. - CVE-2016-5205: Universal XSS in Blink. - CVE-2016-5204: Universal XSS in Blink. - CVE-2016-5209: Out of bounds write in Blink. - CVE-2016-5203: Use after free in PDFium. - CVE-2016-5210: Out of bounds write in PDFium. - CVE-2016-5212: Local file disclosure in DevTools. - CVE-2016-5211: Use after free in PDFium. - CVE-2016-5213: Use after free in V8. - CVE-2016-5214: File download protection bypass. - CVE-2016-5216: Use after free in PDFium. - CVE-2016-5215: Use after free in Webaudio. - CVE-2016-5217: Use of unvalidated data in PDFium. - CVE-2016-5218: Address spoofing in Omnibox. - CVE-2016-5219: Use after free in V8. - CVE-2016-5221: Integer overflow in ANGLE. - CVE-2016-5220: Local file access in PDFium. - CVE-2016-5222: Address spoofing in Omnibox. - CVE-2016-9650: CSP Referrer disclosure. - CVE-2016-5223: Integer overflow in PDFium. - CVE-2016-5226: Limited XSS in Blink. - CVE-2016-5225: CSP bypass in Blink. - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Upstream release of 54.0.2840.100: - CVE-2016-5199: Heap corruption in FFmpeg. - CVE-2016-5200: Out of bounds memory access in V8. - CVE-2016-5201: Info leak in extensions. - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Move to using GN to build chromium. - debian/known_gn_gen_args - debian/rules patches * debian/rules, lintians, installs, script: Move component libs out of libs/, to /usr/lib/chromium-browser/ only. * debian/patches/do-not-use-bundled-clang: Use clang from path. * debian/control: Express that binary packages could be on "any" architecture. * debian/control: additionally build-dep on libgtk-3-dev * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch. * Upstrem release of 54.0.2840.59: - CVE-2016-5181: Universal XSS in Blink. - CVE-2016-5182: Heap overflow in Blink. - CVE-2016-5183: Use after free in PDFium. - CVE-2016-5184: Use after free in PDFium. - CVE-2016-5185: Use after free in Blink. - CVE-2016-5187: URL spoofing. - CVE-2016-5188: UI spoofing. - CVE-2016-5192: Cross-origin bypass in Blink. - CVE-2016-5189: URL spoofing. - CVE-2016-5186: Out of bounds read in DevTools. - CVE-2016-5191: Universal XSS in Bookmarks. - CVE-2016-5190: Use after free in Internals. - CVE-2016-5193: Scheme bypass. - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives * debian/patches/allow-component-build: Hard-code, override release -> no component logic. * debian/known_gyp_flags: Remove old GYP known-flags list. * debian/default-allocator: Insist on not using tcmalloc allocator. * debian/rules: Set LDFLAGS to limit memory usage. * debian/control: Remove extraneous dependencies. -- Chad MILLER <email address hidden> Sat, 03 Dec 2016 09:55:37 -0500
Available diffs
Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu1.1326) zesty; urgency=medium * Upstream release of 55.0.2883.87: - Change Flash running default to important content only. * debian/chromium-browser.sh.in: Insert the Flash version if empty and detectable. * debian/rules, debian/control: Use gcc/g++ 4.8 to build. * Upstream release of 55.0.2883.75: - CVE-2016-9651: Private property access in V8. - CVE-2016-5208: Universal XSS in Blink. - CVE-2016-5207: Universal XSS in Blink. - CVE-2016-5206: Same-origin bypass in PDFium. - CVE-2016-5205: Universal XSS in Blink. - CVE-2016-5204: Universal XSS in Blink. - CVE-2016-5209: Out of bounds write in Blink. - CVE-2016-5203: Use after free in PDFium. - CVE-2016-5210: Out of bounds write in PDFium. - CVE-2016-5212: Local file disclosure in DevTools. - CVE-2016-5211: Use after free in PDFium. - CVE-2016-5213: Use after free in V8. - CVE-2016-5214: File download protection bypass. - CVE-2016-5216: Use after free in PDFium. - CVE-2016-5215: Use after free in Webaudio. - CVE-2016-5217: Use of unvalidated data in PDFium. - CVE-2016-5218: Address spoofing in Omnibox. - CVE-2016-5219: Use after free in V8. - CVE-2016-5221: Integer overflow in ANGLE. - CVE-2016-5220: Local file access in PDFium. - CVE-2016-5222: Address spoofing in Omnibox. - CVE-2016-9650: CSP Referrer disclosure. - CVE-2016-5223: Integer overflow in PDFium. - CVE-2016-5226: Limited XSS in Blink. - CVE-2016-5225: CSP bypass in Blink. - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Upstream release of 54.0.2840.100: - CVE-2016-5199: Heap corruption in FFmpeg. - CVE-2016-5200: Out of bounds memory access in V8. - CVE-2016-5201: Info leak in extensions. - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Move to using GN to build chromium. - debian/known_gn_gen_args - debian/rules patches * debian/rules, lintians, installs, script: Move component libs out of libs/, to /usr/lib/chromium-browser/ only. * debian/patches/do-not-use-bundled-clang: Use clang from path. * debian/control: Express that binary packages could be on "any" architecture. * debian/control: additionally build-dep on libgtk-3-dev * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch. * Upstrem release of 54.0.2840.59: - CVE-2016-5181: Universal XSS in Blink. - CVE-2016-5182: Heap overflow in Blink. - CVE-2016-5183: Use after free in PDFium. - CVE-2016-5184: Use after free in PDFium. - CVE-2016-5185: Use after free in Blink. - CVE-2016-5187: URL spoofing. - CVE-2016-5188: UI spoofing. - CVE-2016-5192: Cross-origin bypass in Blink. - CVE-2016-5189: URL spoofing. - CVE-2016-5186: Out of bounds read in DevTools. - CVE-2016-5191: Universal XSS in Bookmarks. - CVE-2016-5190: Use after free in Internals. - CVE-2016-5193: Scheme bypass. - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives * debian/patches/allow-component-build: Hard-code, override release -> no component logic. * debian/known_gyp_flags: Remove old GYP known-flags list. * debian/default-allocator: Insist on not using tcmalloc allocator. * debian/rules: Set LDFLAGS to limit memory usage. * debian/control: Remove extraneous dependencies. -- Chad MILLER <email address hidden> Sat, 03 Dec 2016 09:55:37 -0500
Available diffs
chromium-browser (37.0.2062.120-0ubuntu0.12.04.4) precise-security; urgency=medium * debian/patches/nss-324-fix.patch: fix compatibility with nss 3.24. * debian/control: specify libnss3 Depends version. -- Marc Deslauriers <email address hidden> Wed, 07 Dec 2016 14:36:05 -0500
chromium-browser (53.0.2785.143-0ubuntu0.14.04.1.1145) trusty-security; urgency=medium * debian/patches/defang-ct-timebomb: backport TLS cert invalidity based on build-time. (LP: #1641380) -- Chad MILLER <email address hidden> Mon, 14 Nov 2016 10:06:44 -0500
Available diffs
chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1257) xenial-security; urgency=medium * debian/patches/defang-ct-timebomb: backport TLS cert invalidity based on build-time. (LP: #1641380) -- Chad MILLER <email address hidden> Mon, 14 Nov 2016 10:06:44 -0500
Available diffs
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
chromium-browser (53.0.2785.143-0ubuntu1.1307) yakkety; urgency=medium * Upstream release 53.0.2785.143: - CVE-2016-5177: Use after free in V8. - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.113: - CVE-2016-5170: Use after free in Blink. - CVE-2016-5171: Use after free in Blink. - CVE-2016-5172: Arbitrary Memory Read in v8. - CVE-2016-5173: Extension resource access. - CVE-2016-5174: Popup not correctly suppressed. - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.89: - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups functions. * debian/rules, debian/control: Force using gcc-5 compiler. * Use system libraries for expat, speex, zlib, opus, png, jpeg. * Also build for arm64 architecture. * Don't compile in cups support by default on all architectures. * Upstream release 52.0.2743.116: - CVE-2016-5141 Address bar spoofing. - CVE-2016-5142 Use-after-free in Blink. - CVE-2016-5139 Heap overflow in pdfium. - CVE-2016-5140 Heap overflow in pdfium. - CVE-2016-5145 Same origin bypass for images in Blink. - CVE-2016-5143 Parameter sanitization failure in DevTools. - CVE-2016-5144 Parameter sanitization failure in DevTools. - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. * Exclude harfbuzz and libxslt from system-library use. * Upstream release 52.0.2743.82: - CVE-2016-1706: Sandbox escape in PPAPI. - CVE-2016-1707: URL spoofing on iOS. - CVE-2016-1708: Use-after-free in Extensions. - CVE-2016-1709: Heap-buffer-overflow in sfntly. - CVE-2016-1710: Same-origin bypass in Blink. - CVE-2016-1711: Same-origin bypass in Blink. - CVE-2016-5127: Use-after-free in Blink. - CVE-2016-5128: Same-origin bypass in V8. - CVE-2016-5129: Memory corruption in V8. - CVE-2016-5130: URL spoofing. - CVE-2016-5131: Use-after-free in libxml. - CVE-2016-5132: Limited same-origin bypass in Service Workers. - CVE-2016-5133: Origin confusion in proxy authentication. - CVE-2016-5134: URL leakage via PAC script. - CVE-2016-5135: Content-Security-Policy bypass. - CVE-2016-5136: Use after free in extensions. - CVE-2016-5137: History sniffing with HSTS and CSP. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives * Upstream release 51.0.2704.106 * Upstream release 51.0.2704.103: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. * debian/control: remvove build-dep on clang. * debian/rules: Disable Google Now. Creepy. Might mean downloads of opaque programs too. * debian/rules: Disable Wallet service. * debian/rules: Remove precise-specific conditions. More simple. * debian/rules: In install-validation, don't use mktemp. Hard-code destination. * debian/patches/gsettings-display-scaling: Disable because code moved and needs refactoring. * debian/patches/display-scaling-default-value: Disable because probbly not needed any more. * debian/rules: widevine cdm is not really available in this source. No longer lie about that. * Set new GOOG keys to bisect service overuse problem. * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow it in sandbox filter. Also, undefine it so we don't use MADV_FREE and thereby depend on it at runtime. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/gsettings-display-scaling, debian/patches/display-scaling-default-value, reenable DPI scaling taken from dconf. * debian/rules: explicitly set target arch for arm64. * debian/patches/series, debian/rules: Re-enable widevine component. -- Chad MILLER <email address hidden> Thu, 29 Sep 2016 16:54:11 -0400
Available diffs
chromium-browser (53.0.2785.143-0ubuntu0.14.04.1.1142) trusty-security; urgency=medium * Upstream release 53.0.2785.143: - CVE-2016-5177: Use after free in V8. - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.113: - CVE-2016-5170: Use after free in Blink. - CVE-2016-5171: Use after free in Blink. - CVE-2016-5172: Arbitrary Memory Read in v8. - CVE-2016-5173: Extension resource access. - CVE-2016-5174: Popup not correctly suppressed. - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/gsettings-display-scaling, debian/patches/display-scaling-default-value, reenable DPI scaling taken from dconf. * debian/rules: explicitly set target arch for arm64. * debian/control, debian/rules: re-add -dbg transitional packages. * Upstream release 53.0.2785.89: - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups functions. * Use system libraries for expat, speex, zlib, opus, png, jpeg. * Also build for arm64 architecture. * Don't compile in cups support by default on all architectures. * debian/control: remvove build-dep on clang. * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow it in sandbox filter. Also, undefine it so we don't use MADV_FREE and thereby depend on it at runtime. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/series, debian/rules: Re-enable widevine component. * debian/patches/expat-config: Avoid "memmove does not exist". -- Chad MILLER <email address hidden> Fri, 16 Sep 2016 12:56:44 -0400
chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1254) xenial-security; urgency=medium * Upstream release 53.0.2785.143: - CVE-2016-5177: Use after free in V8. - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.113: - CVE-2016-5170: Use after free in Blink. - CVE-2016-5171: Use after free in Blink. - CVE-2016-5172: Arbitrary Memory Read in v8. - CVE-2016-5173: Extension resource access. - CVE-2016-5174: Popup not correctly suppressed. - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/gsettings-display-scaling, debian/patches/display-scaling-default-value, reenable DPI scaling taken from dconf. * debian/rules: explicitly set target arch for arm64. * debian/control, debian/rules: re-add -dbg transitional packages. * Upstream release 53.0.2785.89: - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups functions. * debian/rules, debian/control: Force using gcc-5 compiler. * Use system libraries for expat, speex, zlib, opus, png, jpeg. * Also build for arm64 architecture. * Don't compile in cups support by default on all architectures. * debian/control: remvove build-dep on clang. * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow it in sandbox filter. Also, undefine it so we don't use MADV_FREE and thereby depend on it at runtime. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/series, debian/rules: Re-enable widevine component. -- Chad MILLER <email address hidden> Fri, 16 Sep 2016 12:56:44 -0400
chromium-browser (52.0.2743.116-0ubuntu0.14.04.1.1134) trusty-security; urgency=medium * Upstream release 52.0.2743.116: - CVE-2016-5141 Address bar spoofing. - CVE-2016-5142 Use-after-free in Blink. - CVE-2016-5139 Heap overflow in pdfium. - CVE-2016-5140 Heap overflow in pdfium. - CVE-2016-5145 Same origin bypass for images in Blink. - CVE-2016-5143 Parameter sanitization failure in DevTools. - CVE-2016-5144 Parameter sanitization failure in DevTools. - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. * Exclude harfbuzz from system-library use. * Upstream release 52.0.2743.82: - CVE-2016-1706: Sandbox escape in PPAPI. - CVE-2016-1707: URL spoofing on iOS. - CVE-2016-1708: Use-after-free in Extensions. - CVE-2016-1709: Heap-buffer-overflow in sfntly. - CVE-2016-1710: Same-origin bypass in Blink. - CVE-2016-1711: Same-origin bypass in Blink. - CVE-2016-5127: Use-after-free in Blink. - CVE-2016-5128: Same-origin bypass in V8. - CVE-2016-5129: Memory corruption in V8. - CVE-2016-5130: URL spoofing. - CVE-2016-5131: Use-after-free in libxml. - CVE-2016-5132: Limited same-origin bypass in Service Workers. - CVE-2016-5133: Origin confusion in proxy authentication. - CVE-2016-5134: URL leakage via PAC script. - CVE-2016-5135: Content-Security-Policy bypass. - CVE-2016-5136: Use after free in extensions. - CVE-2016-5137: History sniffing with HSTS and CSP. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives * Upstream release 51.0.2704.106 * Upstream release 51.0.2704.103: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. * debian/control: remvove build-dep on clang. * Sync many things from debian: - No longer build remoting, or install its locale files. - Use many system libraries, adding build-dep on - libre2-dev, - yasm, - libopus-dev, - zlib1g-dev, - libspeex-dev, - libspeechd-dev, - libexpat1-dev, - libpng-dev, - libxml2-dev, - libjpeg-dev, - libwebp-dev, - libxslt-dev, - libsrtp-dev, - libjsoncpp-dev, - libevent-dev, - Clean up many parts of debian/rules, wrt variable names - Set hardening on. - Use gold linker. - Disable Google Now. Creepy. Might mean downloads of opaque programs too. - Disable Wallet service. * debian/compat: Use dh version 9. * debian/rules: Improve "cd;foo" logic. * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes build failures in servers. * debian/rules: Move check steps into install steps. No need to be separate, and simplifies target names. * debian/rules: Make en-us locale files less magical, and simplify install. * debian/rules: Work around change to tar command param order with --exclude. * debian/rules: Don't use tcmalloc on armhf. * debian/rules: Remove precise-specific conditions. More simple. * debian/rules: In install-validation, don't use mktemp. Hard-code destination. * debian/patches/gsettings-display-scaling: Disable because code moved and needs refactoring. * debian/patches/display-scaling-default-value: Disable because probbly not needed any more. * debian/rules: widevine cdm is not really available in this source. No longer lie about that. * Set new GOOG keys to bisect service overuse problem. -- Chad MILLER <email address hidden> Wed, 24 Aug 2016 13:30:26 -0400
chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium * Upstream release 52.0.2743.116: - CVE-2016-5141 Address bar spoofing. - CVE-2016-5142 Use-after-free in Blink. - CVE-2016-5139 Heap overflow in pdfium. - CVE-2016-5140 Heap overflow in pdfium. - CVE-2016-5145 Same origin bypass for images in Blink. - CVE-2016-5143 Parameter sanitization failure in DevTools. - CVE-2016-5144 Parameter sanitization failure in DevTools. - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. * Exclude harfbuzz from system-library use. * Upstream release 52.0.2743.82: - CVE-2016-1706: Sandbox escape in PPAPI. - CVE-2016-1707: URL spoofing on iOS. - CVE-2016-1708: Use-after-free in Extensions. - CVE-2016-1709: Heap-buffer-overflow in sfntly. - CVE-2016-1710: Same-origin bypass in Blink. - CVE-2016-1711: Same-origin bypass in Blink. - CVE-2016-5127: Use-after-free in Blink. - CVE-2016-5128: Same-origin bypass in V8. - CVE-2016-5129: Memory corruption in V8. - CVE-2016-5130: URL spoofing. - CVE-2016-5131: Use-after-free in libxml. - CVE-2016-5132: Limited same-origin bypass in Service Workers. - CVE-2016-5133: Origin confusion in proxy authentication. - CVE-2016-5134: URL leakage via PAC script. - CVE-2016-5135: Content-Security-Policy bypass. - CVE-2016-5136: Use after free in extensions. - CVE-2016-5137: History sniffing with HSTS and CSP. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives * Upstream release 51.0.2704.106 * Upstream release 51.0.2704.103: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. * debian/control: remvove build-dep on clang. * Sync many things from debian: - No longer build remoting, or install its locale files. - Use many system libraries, adding build-dep on - libre2-dev, - yasm, - libopus-dev, - zlib1g-dev, - libspeex-dev, - libspeechd-dev, - libexpat1-dev, - libpng-dev, - libxml2-dev, - libjpeg-dev, - libwebp-dev, - libxslt-dev, - libsrtp-dev, - libjsoncpp-dev, - libevent-dev, - Clean up many parts of debian/rules, wrt variable names - Set hardening on. - Use gold linker. - Disable Google Now. Creepy. Might mean downloads of opaque programs too. - Disable Wallet service. * debian/compat: Use dh version 9. * debian/rules: Improve "cd;foo" logic. * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes build failures in servers. * debian/rules: Move check steps into install steps. No need to be separate, and simplifies target names. * debian/rules: Make en-us locale files less magical, and simplify install. * debian/rules: Work around change to tar command param order with --exclude. * debian/rules: Don't use tcmalloc on armhf. * debian/rules: Remove precise-specific conditions. More simple. * debian/rules: In install-validation, don't use mktemp. Hard-code destination. * debian/patches/gsettings-display-scaling: Disable because code moved and needs refactoring. * debian/patches/display-scaling-default-value: Disable because probbly not needed any more. * debian/rules: widevine cdm is not really available in this source. No longer lie about that. * Set new GOOG keys to bisect service overuse problem. -- Chad MILLER <email address hidden> Wed, 24 Aug 2016 13:30:26 -0400
chromium-browser (37.0.2062.120-0ubuntu0.12.04.3) precise-security; urgency=medium * debian/patches/nss-323-fix.patch: fix compatibility with nss 3.23. (LP: #1604191) -- Marc Deslauriers <email address hidden> Mon, 18 Jul 2016 19:46:48 -0400
226 → 300 of 614 results | First • Previous • Next • Last |